Playing with computers since age 13, time to start documenting all the wonderful things and treasures I have discovered and developed - also a blog to serve as a time-saver by not having to reinvent the wheel.

Search

Sunday, March 26, 2017

The passage of time has always been fascinating and measuring that passage accurately is important and intellectually simulating to me. Twice every year, during daylight savings time change, I go around the house setting every non-atomic clock to exactly the 00th second of the next minute the best I can, manually referencing a technological marvel on my wrist, a Casio Pathfinder Triple-Sensor Solar that, among numerous awesome things, synchronizes to NIST's WWVB atomic clock signal from Fort Collins, Colorado every night. I have had multiple discussions with the family about running all the clocks in the house in UTC, and actually have a fully functional binary wall-clock and a binary wrist-watch as well.

I run multiple free public Network Time Protocol (NTP) servers that help in distributing time across the world to numerous computer systems and devices. All of my internet-facing NTP servers participate in the NTP Pool Project, and the servers that serve stratum 2 time are also listed at ntp.org.

I have spent significant time locating, testing and short-listing public stratum-1 NTP servers to run my stratum-2 servers off. The remaining servers are stratum-3, with my stratum-2 servers used as time sources among others for them.

The intent of this post is to document all of my ntp.conf NTP daemon configuration files for quick recovery from any catastrophic failure and subsequent reinstallation of any of my servers.

sanyalnet-cloud-vps.freeddns.org

sanyalnet-cloud-vps.freeddns.org is a free public stratum-2 NTP server running on a CentOS 7 virtual machine in a data-center in Kitchener in Ontario, Canada, using the following /etc/ntp.conf NTP configuration file and using free public stratum-1 NTP servers as time sources.

For security, NTP queries are limited to be responsive if issued from localhost only:

# ntpq -p 127.0.0.1# ntpdc -p 127.0.0.1

The easiest way to make sure the server is serving time is to execute a ntpdate query from an external system over the internet:

Similarly, to monitor the time sources this NTP server is synchronizing time from using tshark:

# nice -n 19 ionice -c3 tshark -i ens33 -Y ntp | grep "client"

sanyalnet-cloud-vps2.freeddns.org

sanyalnet-cloud-vps2.freeddns.org is another free public stratum-2 NTP server running on a different CentOS 7 virtual machine in a data-center in Kitchener in Ontario, Canada, using this /etc/ntp.conf:

Again, for security, NTP queries work only from localhost:

# ntpq -p 127.0.0.1# ntpdc -p 127.0.0.1

To check if the NTP server is active and serving time to external hosts over the internet, execute a ntpdate query from an external system:

sanyalnet-ntp.freeddns.org

This free public NTP server is actually running on a pfSense (based on FreeBSD) virtual machine that is my primary home internet entry point serving as the first of a custom three-level internet security and unified threat management system and firewall home internet gateway. It is a free public stratum-2 NTP server. The configuration file /var/etc/ntpd.conf is created from the pfSense saved configuration, dynamically at boot time or on changing the pfSense NTP configuration via the pfSense web interface.

tshark is not included in the standard pfSense installation. To monitor NTP traffic, use tcpdump on the WAN interfaces, similar to:

nice -19 tcpdump -i em2 udp port 123 | grep " > "

You can also monitor outgoing NTP responses to external clients by filtering the tcpdump output for the word "Server". Conversely, you can monitor the time sources this server is synchronizing itself with using the filter "Client".

nice -19 tcpdump -i em2 udp port 123 | grep " > " | grep "Server"

nice -19 tcpdump -i em2 udp port 123 | grep "Client"

Stratum-3 Free Public NTP Servers

The free public stratum-3 NTP servers I maintain, including wbri.duckdns.org, yiradio.duckdns.org etc., are Linux CentOS 7 virtual machines serving NTP usually at stratum 3 using the /etc/ntp.conf configuration file below. This NTP configuration prefers my stratum-2 servers as preferred time sources, along with free public stratum-1 servers as secondary sources. If all the stratum-2 servers become unusable in this configuration, the NTP server will then become a stratum-2 server itself, since it will use only stratum-1 servers then.

Solaris 11 OpenIndiana NTP Time Server

I run a hobbyist Solaris 11 OpenIndiana server inside my local area network. The NTP configuration file for Solaris 11 resides in /etc/inet/ntp.conf. Since the Solaris server is inside my LAN, it can access the other LAN-only NTP servers directly as the primary time source, including the Sophos 9 UTM and ClearOS servers that form the 2nd and 3rd layers of my 3-layer home internet security system. As mentioned before, the first layer is the internet-exposed pfSense server. Here is what I use for NTP configuration for the Solaris 11 server.

Digital DEC OpenVMS 7.3 VAX TCPIP NTP Time Server

My hobbyist OpenVMS 7.3 VAX servers QCOCAL VAXserver 3900 Series and CLOUDY VAX-11/780 run the NTP service that is included with Compaq TCP/IP Services for OpenVMS VAX Version V5.1. QCOCAL is reachable over the internet via TELNET sanyalnet-openvms-vax.freeddns.org. CLOUDY and numerous Digital machines including VAXen, PDP-11s etc. can be reached from QCOCAL over DECnet thanks to the HECnet Hobbyist DECnet project that I am very excited to be a part of.